Smishing – SMS Spoofing and Identity Theft for Mobile Phones
Chances are, you have security software installed on your computer to protect your email against “phishing”— fraudulent messages that attempt to get you to reveal sensitive information such as account numbers and passwords. But now there’s a new venue for these types of identity theft scams: your cell phone.
What Is Smishing?
“Smishing” is phishing that’s conducted over short message service (SMS), more commonly known as text messaging. The Pew Internet and American Life Project found that on average, mobile phone users send and receive approximately 40 text messages a day. At some point, you’re likely to encounter these fraudulent text messages and the scam of identity theft smishing. If your smartphone isn’t secure, your personal information could be vulnerable and identity theft becomes more likely.
Sample Smishing Messages
Common smishing fraudulent text messages (also referred to as SMS – short message service) often appear to require immediate attention. The fraudulent messages may take a format such as:
- A fraudulent text message “from your bank,” telling you your account has been shut down and asking you to call a number to reactivate the account
- A text message that says you have been registered for a service and will be charged unless you take some form of action, such as visiting a website
- A confirmation of a purchase that directs you to call a number if the confirmation is inaccurate
If you take the actions prompted by the fraudulent text messages, you may be sending your personal information directly to a scammer. Some spy programs will spread malware or a virus on your mobile phone or computer. And others may give the scammers the means to eavesdrop on your phone calls.
How to Protect Yourself from Identity Theft
If you get a text that’s unsolicited or from an unidentifiable source, protect yourself with these tips:
- If the text message appears to be from a legitimate source, contact that source’s actual phone number—not the phone number provided in the text—and verify that it is legitimate. Legitimate businesses, such as banks, do not send text messaging that elicits a response.
- Delete any text message from unknown sources without reading
- Do not click on links or download software apps from an unverified source
- Never provide sensitive information to an unverified source
- Avoid any text message that appears to come from the number 5000. This may be an identity that hides a scammer’s real phone number. The message may be masked using a technique called SMS spoofing (described below).
- Add security software to your mobile phone
- Look into setting up a “text alias.” This cell phone feature hides your actual phone number from the smishing sender
- Contact your cell phone service provider and report the text messaging you received
Short Message Service (SMS)
SMS (Short Message Service), commonly referred to as text messaging is a service for sending short messages of up to 160 characters (224 characters if using a 5-bit mode) to mobile devices.
SMS Spoofing a is a new technology that use the short message service (SMS) to set who the messages appears to come from by replacing the originating mobile phone number with alphanumeric text. SMS spoofing has a legitimate purpose, but can also be use to impersonate another person, company or product. SMS spoofing is a common technique used by scammers.
To File a Complaint
To learn more or to file a complaint, contact the Federal Trade Commission at www.ftc.gov<http://www.ftc.gov and visit the FTC’s identity theft website www.ftc.gov/idtheft.<http://www.ftc.gov/idtheft.
Learn more about other Frauds, Scams and Schemes.